CVE-2015-2890 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-2890 PUBLISHED CVSS 7.199999809265137 HIGH

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

EPSS 0.32% · 54.5th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.32%

54.5th percentile

Affected Products

Vendor	Product	Versions
dell	bios	0, 0, 0
n/a	n/a	n/a

Timeline

Jul 30, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

VU#577140 third-party-advisory
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L url
https://nvd.nist.gov/vuln/detail/CVE-2015-2890 advisory

Open in Interactive Console →